Open Source Security for GDPR Compliance

Beginning May 25, 2018, supervisory authorities appointed by European Union member states will hold organizations accountable for protecting the private information of EU citizens. Application vulnerabilities in unpatched open source components are now the primary target for hackers. Failure to identify and remediate these vulnerabilities, both in development and in production, can result in compromised customer data, penalties, and fines for violations of the General Data Protection Regulation (GDPR).

New Security Standards Impacting Applications

Article 25: Data protection by design and by default.

Article 32: Security of processing.

Article 35: Data protection impact assessment.

Automated Vulnerability Management During Application Development

Rapidly identify vulnerabilities in your code during development and enforce open source usage policies to ensure your developers aren't pushing vulnerable software into production. Black Duck's multi-factor open source detection capabilities ensure that you have complete and accurate visibility into all the open source in your applications, regardless of the programming languages or development tools your team uses.

Continuously Monitor for New Vulnerabilities Affecting Production Applications

As applications transition from development into production, your operations teams must maintain insight into the security posture of the software they're tasked with maintaining. Black Duck OpsSight automatically detects when a container is added to or updated in the registry, scans it for security vulnerabilities, and annotates the image so your teams can act accordingly to address the risk. OpsSight enables operations teams to establish and automatically enforce policies that stop vulnerable containers from being deployed.

Audit Your Application Security Posture for GDPR Compliance

GDPR places responsibility for data privacy on all members of the software supply chain, so a data breach in a third-party web service with which your applications interact can have significant repercussions for you. Black Duck's On-Demand Security and API Risk Audits establish a measure of the risk associated with your use of open source and of the third-party web services with which your applications interact, and arm you with the insight necessary to reduce your application security risk exposure and support GDPR compliance.